Tales From The Helpdesk

Whilst this should not affect services we also need to perform some maintenance on some of the existing machines. There will be a short outage of each of the machines but these should not take more than a few minutes each. These outages will be sequenced in such a way that incoming email always has a machine to accept it; only fetching email will be affected when we cycle that particular machine.

A little later than planned, and after a month of hectic changes, reviews and audits we have finally flipped the switch and disabled all insecure login methods.

If you were previously fetching your email successfully and it no longer appears to be working then this will be the reason. You need to adjust the configuration of your email client to connect securely for both send and receive.

Details of the hostnames/ports that should be connected to are available on the Tidymail Services and Port Numbers page. But the summary is that any existing insecure configuration should be adjusted to require SSL or TLS.

As we noted in our original announcement back in December the security landscape has changed over the past 18 months, not only in its visibility and public awareness but also in regards to the importance of vigilance and good security practice.

2013 has been one of the most “interesting” and volatile years for computing security for many years. The technical revelations regarding protocol issues with secure handshakes and the designed-in weaknesses in the Elliptic Curve Random Number Generator, and Edward Snowden’s exposure of the behaviour of the NSA and other nations’ intelligence services in massive data gathering of anything they could tap into, will have technical, social and political repercussions for many years to come.

The most immediate effect is the realisation that we should all be encrypting whatever we can.

At Tidymail we have always encouraged the use of secured connections. When we started the service more than 10 years ago we offered and encouraged the use of secured connections. Our web interface has only ever been offered via a secure connection, and whilst for traditional email clients there were valid reasons at the time to allow insecure connections, we no longer feel it is appropriate to allow these. A year ago we added the facility to specify that an email client should only be allowed to connect securely. Now we feel it is appropriate to improve matters further.

From 1st April 2014 we will no longer permit insecure access for sending or receiving mail. All email clients will need to be configured to connect either via an SSL connection, or via a STARTTLS negotiated connection.

Details of the hostnames/ports that should be connected to are available on the Tidymail Services and Port Numbers page. But the summary is that any existing insecure configuration should be adjusted to require SSL or TLS.

This is not the only measure we are taking to improve the security of your email but it is the most visible to you. We continue to work on improving the parts of the system that are not immediately visible and we expect to improve the security of various aspects, both visible and not, over the next year and onwards.

Apart from the obvious selection of bug fixes the most obvious change is the new skin with layout changes. This is a slicker interface and has a number of benefits including the ability to have a three-pane view allowing folders, headers and message preview all in the one screen.

We trust you’ll like this new interface. If you have any questions regarding it please contact us at helpdesk@tidymail.co.uk

We suffered what appears to have been a volume spam attack between 04:50 GMT and 11:00 GMT this morning. This caused intermittent access to various services during this period.

We have adjusted some of the thresholds at which our various counter-measures trigger and reinitialised some trend databases which has restored normal service and should maintain it whilst we examine log files and system metrics to determine how best to ensure there is no repeat.

Please accept our apologies if you experienced this intermittent service.

Today is World IPv6 Launch Day, when IPv6 gets permanently enabled for service and equipment. In the words of the global launch site:

Major Internet service providers (ISPs), home networking equipment manufacturers, and web companies around the world are coming together to permanently enable IPv6 for their products and services by 6 June 2012.

We have been working hard behind the scenes in our own small way to make sure that both Tidymail and Wizmail are available on both IPv4 and IPv6.

We actually completed the bulk of this work over a month ago and have been testing and monitoring everything since, and are now pleased to announce:

Tidymail and Wizmail are now IPv6 enabled.

The websites, the POP and IMAP mail fetch services and the SMTP mail sending service are now available over IPv4 or IPv6.

This means all email hosted domains that have the correct MX settings are now automatically globally visible via IPv4 and IPv6. And once we have ironed out any initial wrinkles with general access and visibility we’ll be trying to see if there are any new services we can offer with this expanded IP space, so stay tuned.

We have always provided and encouraged the use of secure, encrypted communications to our servers but there have been recent events that have highlighted not only the importance of using encrypted links, but also ensuring that only trusted links are used.

As you may have read in various tech-press articles like this one, configuring your email client to default to secure connections may not be enough to ensure the link was really secure, since many clients when faced with a blocked secure link silently fell back to insecure mode, allowing anyone in the path to read the id, password and email content.

We are pleased to announce that you can configure your account to ensure that even if your client falls back to insecure mode we will reject any connection attempt like an invalid account/password.

You may also need to ensure your email client is set to use either “TLS” or “SSL” or “Encrypted” links and that it is connecting to the correct port. Details of the preferred ports can be found here and configuration guides for various email clients can be found here.

Please note that the third option on the page “Send from Authenticated Connections Only” is currently only of use for those remaining customers who are sending from a permitted relay IP address. This was the old mechanism for sending email where we simply trusted the IP address and is being phased out over the next few months.
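The silent fallback described in this post comes down to what a mail client does when the server's capability list arrives without a STARTTLS offer. The sketch below is an added example, not Tidymail's code or any particular client's: it shows a strict and a lenient client decision on constructed SMTP EHLO replies, then the same strict policy written with Python's smtplib. The hostname `mail.example.test` and the function names are assumptions made for the illustration.

```python
import smtplib
import ssl

# Constructed EHLO replies (not captured traffic). The second is what a client
# sees when the STARTTLS offer is missing, as in the blocked-link case above.
EHLO_NORMAL = ("250-mail.example.test\r\n250-SIZE 52428800\r\n"
               "250-STARTTLS\r\n250 AUTH PLAIN LOGIN\r\n")
EHLO_STRIPPED = ("250-mail.example.test\r\n250-SIZE 52428800\r\n"
                 "250 AUTH PLAIN LOGIN\r\n")


def ehlo_extensions(reply):
    """Return the extension keywords advertised in a multi-line 250 reply."""
    lines = reply.strip().splitlines()
    if not lines or any(not line.startswith("250") for line in lines):
        raise ValueError("not a successful EHLO reply")
    # First line names the server; each later line is "250-KEYWORD [params]".
    return {line[4:].split()[0].upper() for line in lines[1:] if line[4:].strip()}


def next_step(reply, tls_active, require_tls):
    """Decide what the client does after EHLO.

    Returns "STARTTLS", "AUTH" (encrypted), "AUTH-CLEARTEXT" or "ABORT".
    """
    if tls_active:
        return "AUTH"
    if "STARTTLS" in ehlo_extensions(reply):
        return "STARTTLS"
    # No upgrade on offer: a strict client stops here; a lenient one falls back
    # and puts the id and password on the wire unencrypted.
    return "ABORT" if require_tls else "AUTH-CLEARTEXT"


def submit_login_strict(host, port, user, password):
    """The strict policy with smtplib; host and port come from the provider."""
    ctx = ssl.create_default_context()      # verifies certificate and hostname
    with smtplib.SMTP(host, port, timeout=30) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            raise RuntimeError("STARTTLS not offered; refusing to send credentials")
        smtp.starttls(context=ctx)
        smtp.ehlo()                         # capabilities are re-read after TLS
        smtp.login(user, password)
```

With the account set to reject insecure logins, the lenient path ends in a failed login, but the credentials have already crossed the network by then, which is why the client-side "require TLS" setting still matters.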

We are pleased to announce that we have increased the mail quota for all Full account users to 500MB.

Following our system upgrades last year and extensive testing of the further stability improvements we have been able to increase the available storage for all our Full Account users as part of the standard offering.

Your current usage can be found by enquiring of the Mail Folder Usage web page or it may be presented by your email client. It can also be seen at the bottom of the folder list in the webmail client.